Cognito’s Data Privacy Statement summarizes the important information about how Cognito collects, uses and discloses personal data and ensures compliance with the laws and regulations throughout the world where we operate.
How we define personal data
Personal data is information (including opinions) that relates to an individual and from which he or she can be identified either on its own or indirectly through other data which the firm has or is likely to have in its possession.
The company is the data controller of the personal data we process and therefore is responsible for ensuring our systems, processes, suppliers and our people comply with data protection laws, including the UK GDPR, in relation to the information we handle.
All of our people abide by this policy when handling personal data and where required, take part in any necessary data protection training. Any breach will be taken seriously and may result in disciplinary action.
We have a Data Protection Team who oversees compliance with data protection laws and this policy and provides guidance and advice to the firm and Cognito people as required.
Principles of Data Protection
Cognito has adopted the following principles to govern use, collection and disclosure of personal data. These principles have been established to create a uniform standard across all our offices taking account of the laws in the jurisdictions in which we operate.
Cognito’s core principles provide that personal data must:
- be processed fairly and lawfully and to the extent required under local laws with valid and informed consent;
- be obtained for specific and lawful purposes;
- be kept accurate and up to date;
- be adequate, relevant and not excessive in relation to the purposes for which it is used;
- not be kept for longer than is necessary for the purposes for which it is used;
- be processed in accordance with the rights of individuals;
- be kept secure to prevent unauthorized processing and accidental loss, or destruction; and
- will only be transferred to, or accessed from, another jurisdiction where these core principles cannot be met unless it is adequately protected.
Collection, Use and Disclosure
The types of data we collect and process fall into one of the following categories:
- personal data relating to subscribers to our newsletters and other promotional materials; and
- personal data obtained and created in relation to providing our services.
Subscribers to our newsletters and other promotional material
Types of Data
This is information such as name and business information (email address, job title, who you work for).
Additional information may be processed where it is provided by you, for example in correspondence, in connection with an event or in letting us know what areas you are interested in and when you wish to be contacted by us.
Our websites may also collect your device's unique identifier, such as an IP address.
Data is collected in our CRM system when you register to receive newsletters or updates, or we otherwise receive your contact details.
You will receive a notice when your details have been added to the CRM database. You can revisit your profile at any time to amend your information or preferences or to provide additional details.
You will also be provided with the option to opt out and/ or be removed from the CRM database with each marketing communication you receive from us.
Personal data will be used to:
- complete any request you may make;
- contact you with marketing communications, updates, breaking news, newsletters and event invitations which we think are relevant to your interests and in line with your preferences;
- make users' experiences more efficient and understand how we can improve your browsing preferences and the services Cognito provides; and
- analyze what subjects are of interest to particular users so that we can improve the content in our newsletters and promotional material.
- which is shared with service providers will be limited to that which is required for providing the service and will be adequately protected;
- will not be given to other third parties, apart from in limited circumstances for example, where we run a joint seminar and you book onto it.
Types of Data
This is information processed for relationship management and file opening procedures such as name, business information and identification documentation.
Relationship management and file opening information is collected from you directly and further information (e.g. to verify your identity) may be collected from third parties, such as publicly available sources.
All additional personal data is collected when supplied to us, or created by us in connection with a particular matter on which we are advising. Where relevant, this may be through a web-based service you are using.
Relationship management and file opening data is used for providing our services, administration, commercial purposes or as required by law (e.g. KYC or Anti Money Laundering Provisions).
All other personal data will be used for the purposes of providing our services and to comply with our statutory/ regulatory obligations
In relation to our web-based services we will monitor and record information relating to use of the services. This will include how and when the system is accessed and how data is uploaded.
- may be transferred worldwide to our affiliates, and to service providers who support the operation of our business;
- which is shared with service providers, limited to that which is required for providing the service and will be adequately protected.
Cognito understands that personal data must be processed in line with individuals' rights, including the right to:
- request a copy of their personal data;
- request that their inaccurate personal data is corrected;
- request that their personal data is deleted and destroyed when causing damage or distress; and
- opt out of receiving any or all electronic communications from Cognito.
Should you wish to make a request in line with your rights as an individual, please forward it to the Data Protection Team.
Should you have any questions or complaints
If you have any questions or complaints relating to how the firm has processed your personal data, please contact the Data Protection Team: email@example.com
Our people will also inform the Data Protection Team immediately if they receive a complaint relating to how the firm has processed personal data so the firm's complaints procedure can be followed.
We are registered under the Data Protection Act 1998 and as such, any information concerning the Client and their respective Client Records may be passed to third parties. However, Client records are regarded as confidential and therefore will not be divulged to any third party, other than if legally required to do so to the appropriate authorities.
Clients have the right to request sight of, and copies of any and all Client Records we keep, on the proviso that we are given reasonable notice of such a request. Clients are requested to retain copies of any literature issued in relation to the provision of our services. Where appropriate, we shall issue Client’s with appropriate written information, handouts or copies of records as part of an agreed contract, for the benefit of both parties. We will not sell, share, or rent your personal information to any third party or use your e-mail address for unsolicited mail. Any emails sent by this Company will only be in connection with the provision of agreed services and products.
Transfer of Data between Jurisdictions
As an international company, personal data may be transferred between our various offices worldwide due to, for example, shared IT systems and/or cross border working.
If you have any questions at all about transfer of data between jurisdictions please contact the Data Protection Team: firstname.lastname@example.org